The Adopt Member tool provides a solution for allowing end users
(when using programs) to perform the typical member functions (add,
remove, and clear) on files regardless of how the files are
authorized. Three commands are provided:
ADDPFMADP - Same as ADDPFM
CLRPFMADP - Same as CLRPFM
RMVMADP - Same as RMVM
The commands all adopt an owner who has *ALLOBJ special authority.
Each of the commands checks the specified file to ensure that it
exists in the ADPMBR data area in TAASECURE. If the file is defined,
the function is performed. If the file is not defined, an
escape message is issued.
The Security Officer defines which files are valid by using the
EDTCONARR TAA Tool command on the ADPMBR data area in TAASECURE.
Normal security of files
------------------------
When a file is created, the default action allows a user to add,
delete, or change records in an existing member.
However, the default security does not allow a typical end user to
add, clear, or remove a member. Any of these functions requires the
*OBJMGT right.
If the application requires the user to add, clear, or remove a
member, there are several solutions:
   ** Give the *OBJMGT right for each file required to all users of
      the application
   ** Use a program that adopts authority
   ** Grant *ALLOBJ authority to the users
None of these solutions is ideal. The ADPMBR tool provides an
alternative solution with several advantages.
ADPMBR Advantages
-----------------
   ** The file authorization does not need to change from the
      default used on the Create command. This prevents any user
      from specifying one of the 3 system member commands (ADDPFM,
      CLRPFM, RMVM) unless he is the owner or has *ALLOBJ authority.
   ** The 3 commands provided by the tool can only be used in a
      program (they are arbitrarily restricted so that they cannot
      be used from a command entry display). This prevents the
      casual use by an end user (it is possible for an end user to
      directly call one of the CPPs provided if the proper parameter
      list is passed).
   ** The Security Officer decides what files are valid to be used
      by the 3 commands provided by the tool. The naming of a file
      can be done at any time (the file does not have to be closed
      to make an authorization change).
   ** The tool provides commands that are similar to the 3 system
      commands (all the same parameters and options exist).
Security Officer actions
------------------------
The data area ADPMBR exists in TAASECURE and is shipped with a sample
entry. The Security Officer enters the file names (and qualified
library) that are valid to be used by the 3 commands provided by the
ADPMBR tool. The ADPMBR data area is maintained with the EDTCONARR
TAA command (part of the CONARR TAA Tool):
EDTCONARR DTAARA(TAASECURE/ADPMBR)
When the edit display appears, a 20 character value should be entered
with the file name in the first 10 bytes and the library in the
second 10 bytes.
Up to 45 files may be entered.
It is possible to use the special values *LIBL or *CURLIB as the
library qualifier. In fact, either function may be helpful to allow
the same file to exist in different libraries and be controlled by
the user's library list. All 3 of the commands provided by the tool
default the library qualifier to *LIBL. Thus if ADDPFMADP is
specified as:
ADDPFMADP FILE(FILEX) MBR(MBR1)
ADDPFMADP will search the ADPMBR data area for the file named:
   'FILEX     *LIBL     '
If the file is not defined in the data area, an escape message is
sent.
It is possible to enter the same file name using both a qualified
name and the special values. Thus the ADPMBR data area might contain
values such as:
   'FILEX     *LIBL     '
   'FILEX     *CURLIB   '
   'FILEX     LIB1      '
   'FILEY     LIB2      '
The only significant requirement is that the entry in the data area
must match exactly what is specified on the commands provided by the
tool. Note that you must provide a library value in the ADPMBR data
area (a blank value will not allow any of the 3 tool commands to
operate properly).
When the Security Officer has defined a file, he can then inform the
programmers that they may use the 3 tool commands in their
application programs for that file.
Example
-------
Assume the application needs to allow end users to add, remove, or
clear a member during a program. The file is created with the normal
security defaults (meaning the *OBJMGT right is restricted to the
owner or a user with *ALLOBJ authority).
The Security Officer uses EDTCONARR as described previously to enter
the file name into the ADPMBR data area in TAASECURE. The value
appears as:
   'WRKFILE   *LIBL     '
The programmers may now use any of the 3 tool commands in their
programs:
ADDPFMADP FILE(WRKFILE) MBR(MBRX)
.
.
CLRPFMADP FILE(WRKFILE) MBR(MBRX)
.
.
RMVMADP FILE(WRKFILE) MBR(MBRX)
Escape messages you may monitor for
-----------------------------------
The following special TAA messages are provided:
   TAA9896    The file name does not exist in the ADPMBR data area
   TAA9893    The file name exists in the ADPMBR data area, but
              the actual file cannot be found. An internal CHKOBJ
              command is used to determine if the file exists.
   TAA9897    Used by ADDPFMADP when the member already exists in
              the file.
   TAA9895    Used by CLRPFMADP and RMVMADP when the member does
              not exist in the file.
System escape messages may also occur, for example if the member is
allocated and cannot be cleared. These are the normal escape
messages sent by the system commands that will be resent to your
program.
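The following CL program is an added example, not part of the TAA
Tools documentation or product source. It shows the 3 tool commands
with MONMSG handling for the TAA escape messages listed above. The
names WRKMBRC, APPPGM, and &MBR are hypothetical, and WRKFILE is
assumed to be defined in the ADPMBR data area as shown in the Example
section.

```cl
/* Added example. WRKMBRC, APPPGM and &MBR are hypothetical names. */
/* Assumes 'WRKFILE   *LIBL     ' is defined in TAASECURE/ADPMBR.  */
             PGM        PARM(&MBR)
             DCL        VAR(&MBR) TYPE(*CHAR) LEN(10)

/* Add the work member. The tool command adopts authority, so the  */
/* end user does not need the *OBJMGT right to WRKFILE.            */
             ADDPFMADP  FILE(WRKFILE) MBR(&MBR)
             /* TAA9897: member already exists. Clear and reuse it. */
             MONMSG     MSGID(TAA9897) EXEC(DO)
             CLRPFMADP  FILE(WRKFILE) MBR(&MBR)
             ENDDO
             /* TAA9896: file is not listed in the ADPMBR data area */
             /* TAA9893: file is listed, but CHKOBJ did not find it */
             /* Neither can be fixed by the program, so end with an */
             /* escape message that points to the Security Officer. */
             MONMSG     MSGID(TAA9896 TAA9893) EXEC(DO)
             SNDPGMMSG  MSGID(CPF9898) MSGF(QCPFMSG) +
                          MSGDTA('WRKFILE not usable: see +
                          Security Officer') MSGTYPE(*ESCAPE)
             ENDDO

/* Run the application against the member just added or cleared.   */
             OVRDBF     FILE(WRKFILE) MBR(&MBR)
             CALL       PGM(APPPGM)
             DLTOVR     FILE(WRKFILE)

/* Remove the work member when the application is finished.        */
             RMVMADP    FILE(WRKFILE) MBR(&MBR)
             /* TAA9895: member does not exist. Nothing to remove.  */
             MONMSG     MSGID(TAA9895)

             ENDPGM
```

System escape messages resent by the tool commands (such as a member
that is allocated) are not monitored here and will surface to the
caller.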
ADDPFMADP Command parameters *CMD
----------------------------
   FILE       The qualified file name. The library value defaults
              to *LIBL. *CURLIB may also be specified.
   MBR        The member to be added.
   TEXT       The member text to be used. The default is *BLANK.
   EXPDATE    The member expiration date. The default is *NONE.
   SHARE      Whether the open data path is to be opened shared.
              This is a *YES/*NO value that defaults to *NO.
   SRCTYPE    The source type if a source file is used. The
              default is *NONE.
CLRPFMADP Command parameters *CMD
----------------------------
   FILE       The qualified file name. The library value defaults
              to *LIBL. *CURLIB may also be specified.
   MBR        The member to be cleared. The default is *FIRST.
              The special value *LAST may also be used.
RMVMADP Command parameters *CMD
--------------------------
   FILE       The qualified file name. The library value defaults
              to *LIBL. *CURLIB may also be specified.
   MBR        The member to be removed. A generic name or the
              special value *ALL may also be entered.
Restrictions
------------
The CONARR tool allows up to 45 files to be described.
Prerequisites
-------------
The following TAA Tools must be on your system:
CONARR Constant array
Implementation
--------------
The tool is ready to use, but the Security Officer must first make
entries into the ADPMBR data area in TAASECURE using EDTCONARR to
define the valid files (see previous discussion).
Objects used by the tool
------------------------
   Object      Type    Attribute    Src member    Src file
   ------      ----    ---------    ----------    ----------
   ADDPFMADP   *CMD                 TAAMBRJ       QATTCMD
   CLRPFMADP   *CMD                 TAAMBRJ2      QATTCMD
   RMVMADP     *CMD                 TAAMBRJ3      QATTCMD
   TAAMBRJC    *PGM    CLP          TAAMBRJC      QATTCL
   TAAMBRJC2   *PGM    CLP          TAAMBRJC2     QATTCL
   TAAMBRJC3   *PGM    CLP          TAAMBRJC3     QATTCL
Structure
---------
   ADDPFMADP   Cmd
      TAAMBRJC    CL pgm
   CLRPFMADP   Cmd
      TAAMBRJC2   CL pgm
   RMVMADP     Cmd
      TAAMBRJC3   CL pgm